build: bump com.github.slugify:slugify from 3.0.7 to 4.0.0

[dependabot]

Bumps com.github.slugify:slugify from 3.0.7 to 4.0.0.

Changelog

Sourced from com.github.slugify:slugify's changelog.

[4.0.0] - 2026-04-25

Added

• SLF4J error logging when an IOException occurs while loading a language bundle
• Javadoc step in the CI check workflow to enforce -Xdoclint:all at build time
• PMD design rule category added to the ruleset
• JMH benchmarks for the transliterator and custom replacements code paths

Changed

• Class.getResourceAsStream() replaces context ClassLoader for resource loading, ensuring compatibility with JPMS in OSGi and application server environments
• Transliterator instance is now cached per Slugify instance instead of being created on every slugify() call (~3.7× performance improvement in transliterator mode)
• Slugify class is now declared final
• Checkstyle configured to fail the build on any warning (maxWarnings = 0)
• Java 21 or higher is now required
• Gradle configuration cache enabled
• GitHub Actions pinned to commit SHAs for supply-chain security
• Dropped dependency-check plugin (replaced by Renovate; was also incompatible with Gradle configuration cache, see dependency-check-gradle#339)
• Dropped versions plugin (replaced by Renovate; was also incompatible with Gradle configuration cache, see gradle-versions-plugin#666)
• Switched to Gradle Java Toolchain for explicit JDK version pinning
• Migrated publishing to Central Publisher Portal via nmcp
• Addressed Gradle 10.0 deprecations for forward compatibility

Fixed

• Leading and trailing underscores are now trimmed when using underscore separator mode
• Removed @SuppressWarnings("PMD.UnitTestShouldIncludeAssert") made obsolete by the PMD 7.24.0 fix for false positives in lambda assertions (pmd#4272)
• Removed unused slugify.properties base file left over from a prior ResourceBundle.getBundle() approach

Commits

• 9ce6b5f build: migrate signing properties to providers.gradleProperty
• be85fa5 build: switch nmcp to project plugin with providers.gradleProperty credentials
• 0becfb5 ci: use providers.environmentVariable for nmcp credentials to fix configurati...
• 65677b3 ci: move Central Portal credentials to job-level env
• 99eaadd ci: add javadoc step to publish workflow
• b578404 build: migrate publishing to Central Publisher Portal via nmcp
• 4f1d7e4 docs(changelog): release 4.0.0
• bc1b9f1 docs: unify @​param descriptions in Slugify constructor to concise 'Sets wheth...
• 3739ded docs(changelog): add missing unreleased entries for toolchain, OSSRH and Grad...
• 17855ba docs(readme): document that custom replacements take precedence over built-in...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)